Received: (qmail 43377 invoked by uid 501); 4 Apr 2001 22:16:57 -0000
Message-Id: <20010404221657.43376.qmail@apache.org>
Date: 4 Apr 2001 22:16:57 -0000
From: Patrick Bihan-Faou
Reply-To: patrick-ap@mindstep.com
To: submit@bugz.apache.org
Subject: "satisfy any" does not work when no authentication is defined
X-Send-Pr-Version: 3.110
>Number: 7518
>Category: general
>Synopsis: "satisfy any" does not work when no authentication is defined
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Apr 04 15:20:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: patrick-ap@mindstep.com
>Release: 1.3.19
>Organization:
apache
>Environment:
FreeBSD nitro 4.2-STABLE FreeBSD 4.2-STABLE #0: Sat Mar 3 16:47:49 EST 2001 patrick@nitro:/usr/obj/usr/src/sys/NITRO i386
but this is not relevent...
>Description:
/path/to/a may require authentication (config generated from DB) so "AuthType" may or may not be defined in .
/path/to/a/b never requires authentication
In order to accomodate this, I added "satisfy any" and 'allow from all' in the section.
If "AuthType" etc. is defined in everything works as expected.
If "AuthType" is NOT defined, then access to /path/to/a is granted (this is OK), but access to /path/to/a/b results in an Internal Server Error.
"Satisfy All" does not suffer from the same problem: if no authentication is defined, only the access restriction (allow/deny) are checked and access is granted based on that.
>How-To-Repeat:
The following configuration should trigger the bug.
# AuthType Basic
# AuthUserFile /usr/local/etc/apache/passwd
# AuthName "login test"
# require valid-user
Order allow,deny
Allow from all
Order allow,deny
Allow from all
Satisfy any
DocumentRoot /path/to/a
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]